Security

Users in Genus are mapped to one or more identity providers (ID providers). This setup allows multiple authentication mechanisms:

• OAuth2 & OpenID Connect: Supports enterprise authentication providers such as Entra ID (Azure AD), Google, ADFS, and BankID.

• Two-Factor Authentication (2FA): Available through external ID providers.

• Native ID Provider: Genus includes a built-in ID provider for standalone deployments.

Authentication can be handled through API keys or tokens for external frontends consuming Genus Web Services (REST and SOAP).

Genus employs a multi-layered role-based access control (RBAC) and attribute-based access control (ABAC) model:

Security Groups

Security groups define user roles and grant permissions. Groups can be hierarchical, inheriting permissions from parent groups, supporting role-based and level-based security models, and allowing mixing of these within the same application. This enables a continuum of security strategies, ensuring that organizations can apply the right level of control where needed.

Account Profiles

An account profile represents a user’s identity and account policies within the application. It includes user-specific details such as profile picture, username, email address, authentication, and session management options.

Beyond personal settings, it enforces security and access control by linking users to business objects (e.g., employees or customers). When mapped to an Object Class, it enables Conditional Security, dynamically granting or restricting access based on business relationships, ensuring users only access relevant cases, tasks, or objects.

Permissions control access to objects using CRUD (Create, Read, Update, Delete) rights and can be enforced at different levels:

• Object Class-Level Permissions: Control access to entire types of objects.

• Property-Level Permissions: Define access to specific fields within objects.

• Action-Level Permissions: Restrict execution of specific actions to authorized users or groups.

• Conditional Security: Dynamically assigned permissions based on real-time data.

Fine-grained permission control:

• Find and List: Users can see objects in search results or listings.

• Read and Execute: Users can open and view an object in a user interface form.

• Create: Users can create new objects of this object class.

• Modify: Users can update or edit objects they have access to.

• Delete: Users can delete objects if granted the necessary permissions.

• Read Event History: Displays the log of all changes made to an object.

• Read Permissions: Displays which users have access to an object.

• Set Search Criteria: Users can apply filters and search based on object properties.

Genus supports multiple levels of permissions, allowing organizations to enforce security policies with precision. The available permission levels include:

• No Security: The object class is open to anyone accessing the application.

• Inherited Permissions: Access to an object class is determined by access to a referenced object.

• Granted Permissions: Explicitly granted access at the object level.

• Grant with Conditions: Access is dynamically granted based on business rules.

Permissions are always enforced on the server side, ensuring security even if the web client is manipulated.

Privileges define the types of operations and actions members of a security group can perform, including:

• Sign in as a Desktop user.

• Open Genus Studio.

• Manage users.

As Permissions, Privileges are consistently enforced on the server side, preventing unauthorized access and manipulation.

The Grant Matrix is a built-in tool for checking and verifying security settings for specific users and security groups. It allows administrators to review, validate, and troubleshoot user access rights, ensuring that permissions and privileges are correctly configured and aligned with security policies.

In many enterprise applications, access to information must be dynamically assigned based on real-time data rather than predefined user roles. Conditional Security in Genus allows permissions to be granted based on specific conditions within the application data itself.

For example:

• In a case management system, team members should automatically gain access to relevant case information when assigned to a case.

• In a task-based workflow, a user’s access to an activity could be based on whether they are assigned to that specific task.

• A manager may automatically be granted access to records related to their direct reports.

This data-driven approach ensures that access is dynamic, relevant, and aligned with business processes rather than relying solely on static security groups. The entire data model can be leveraged to define security rules, enabling the enforcement of security policies tailored to specific application needs.

Genus enforces data security from the bottom up — ensuring that no user or interface can access or modify data without explicit authorization. By securing data first, then functionality, Genus ensures that all data access is strictly controlled and monitored at multiple levels.

Genus enforces strict data access policies:

• Data Partitions: Separate data storage between different business entities (e.g., companies within an enterprise) using shared application models while ensuring complete isolation.

• Shared & Segregated Data Models: Some object classes can be shared across multiple tenants, while others remain strictly isolated.

• Database and API Security: Genus ensures that API calls respect all configured security constraints, preventing unauthorized data access.

Web browsers and external systems are untrusted, so all business rules must be enforced server-side. Genus prevents manipulation with built-in security mechanisms:

• Data Validations: Ensuring only valid data is processed and stored. Data validations are enforced before saving, preventing users from submitting incorrect or incomplete data.

• Uniqueness & Consistency Constraints: Preventing the creation of duplicate records by enforcing unique values for specific fields or field combinations.

• Consistency Constraints: Validating business rules before an operation is committed ensures data consistency across objects, preventing scenarios in which an object might enter an invalid state.

• Delete Constraints: Protect critical records from accidental or unauthorized deletion by enforcing deletion rules at the object level.

• Rules: Defining automatic server-side actions triggered by specific changes in the data model. These rules ensure that business logic is consistently applied across the system and cannot be bypassed by client-side manipulation.

• Server-Side Actions: Ensuring sensitive operations, such as financial transactions, are always executed securely, preventing users from tampering with workflows.

Run with Highest Privilege

The Run with Highest Privilege mechanism allows specific actions to be executed with elevated permission without granting users direct access to underlying data. This is useful in cases where users need to trigger operations that require broader access than they normally possess.

For example:

• A system log entry may need to be written when an operation is performed, but users should not have general write access to the log.

• A batch process may require temporary access to restricted data but should not expose that data to the initiating user.

This approach mitigates the problem of access creep, where security models become less restrictive over time as more users are granted unnecessary permissions.

Security Audits and Compliance

• External Security Audits: External security auditors periodically evaluate the Genus platform to ensure compliance with industry best practices.

• OWASP Top 10 Protection: Genus is hardened against the most critical web security risks defined by the Open Web Application Security Project (OWASP).

• Secure Communication: All data transmission is encrypted using HTTPS with TLS 1.2+ to prevent unauthorized interception.

Audit Trail

To ensure traceability and compliance, Genus records a comprehensive audit trail of all critical system actions:

• Logging of CRUD Operations: Tracks who accessed, modified, or deleted data.

• Search & Read Tracking: Optionally logs which users have searched for and viewed specific data.

The audit trail does more than provide an event history—it serves as a deterrent against malicious insiders by ensuring that all actions are logged and reviewable.  Monitoring discourages unauthorized access attempts.

SIEM

Genus also integrates with enterprise SIEM (Security Information and Event Management) tools for real-time monitoring and alerts.

The outer security layer of a Genus deployment includes:

• Web Application Firewall (WAF): Protects against injection, overflow, and DoS attacks.

• Kubernetes & Database Security: Backend components are never publicly accessible and should be restricted to private endpoints, VPNs, or jump boxes.

• Secrets and passwords: should be stored securely in Azure Key Vault, GitLab Secrets, or similar vault services, avoiding exposure in clear text.